diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1dc95da43..4c6965c8e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,9 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - Malfunctioning timestomping PBA. #1405
 - Malfunctioning shell startup script PBA. #1419
+### Security
+- Generate a random password when creating a new user for CommunicateAsNewUser PBA. #1434
+
 ## [1.11.0] - 2021-08-13
 ### Added
 - A runtime-configurable option to specify a data directory where runtime
diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
index 161adfb0d..79747a5bf 100644
--- a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
+++ b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
@@ -10,6 +10,7 @@ from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
 from infection_monkey.utils.auto_new_user_factory import create_auto_new_user
 from infection_monkey.utils.environment import is_windows_os
 from infection_monkey.utils.new_user_error import NewUserError
+from infection_monkey.utils.random_password_generator import get_random_password
 INFECTION_MONKEY_WEBSITE_URL = "https://infectionmonkey.com/"
@@ -21,7 +22,6 @@ CREATED_PROCESS_AS_USER_FAILED_FORMAT = (
 )
 USERNAME_PREFIX = "somenewuser"
-PASSWORD = "N3WPa55W0rD!1"
 logger = logging.getLogger(__name__)
@@ -29,8 +29,8 @@ logger = logging.getLogger(__name__)
 class CommunicateAsNewUser(PBA):
 """
 This PBA creates a new user, and then creates HTTPS requests as that user. This is used for a
- Zero Trust test of the
- People pillar. See the relevant telemetry processing to see what findings are created.
+ Zero Trust test of the People pillar. See the relevant telemetry processing to see what findings
+ are created.
 """
 def __init__(self):
@@ -39,7 +39,8 @@ class CommunicateAsNewUser(PBA):
 def run(self):
 username = CommunicateAsNewUser.get_random_new_user_name()
 try:
- with create_auto_new_user(username, PASSWORD) as new_user:
+ password = get_random_password()
+ with create_auto_new_user(username, password) as new_user:
 http_request_commandline = CommunicateAsNewUser.get_commandline_for_http_request(
 INFECTION_MONKEY_WEBSITE_URL
 )
diff --git a/monkey/tests/unit_tests/infection_monkey/post_breach/actions/test_communicate_as_backdoor_user.py b/monkey/tests/unit_tests/infection_monkey/post_breach/actions/test_communicate_as_backdoor_user.py
new file mode 100644
index 000000000..2a1bf8f49
--- /dev/null
+++ b/monkey/tests/unit_tests/infection_monkey/post_breach/actions/test_communicate_as_backdoor_user.py
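Review bot: The password passed to `create_auto_new_user` in `CommunicateAsNewUser.run()` is only as strong as `get_random_password()`, which lives in `infection_monkey.utils.random_password_generator` and is not part of this diff; it should be confirmed to draw from a CSPRNG such as the `secrets` module rather than `random`. The removed constant `N3WPa55W0rD!1` mixed upper case, lower case, digits and a symbol, presumably to satisfy OS password-complexity policy. A generated value that lacks one of those classes could make account creation fail on hosts that enforce complexity, so that case deserves a test or a retry. I would also add a comment above the call, for example `# Fresh per-run password: a constant would put the same known credential on every host this PBA runs on.` The body of `run()` continues outside the hunk.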
@@ -0,0 +1,38 @@
+from infection_monkey.post_breach.actions.communicate_as_new_user import (
+ USERNAME_PREFIX,
+ CommunicateAsNewUser,
+)
+
+URL = "this-is-where-i-wanna-go"
+
+
+def test_get_random_new_user_name():
+ username = CommunicateAsNewUser.get_random_new_user_name()
+ assert len(username) == len(USERNAME_PREFIX) + 5
+ assert username.islower()
+ assert username.startswith(USERNAME_PREFIX)
+
+
+def test_get_commandline_for_http_request_windows():
+ cmd_line = CommunicateAsNewUser.get_commandline_for_http_request(URL, is_windows=True)
+ assert "powershell.exe" in cmd_line
+ assert URL in cmd_line
+
+
+def test_get_commandline_for_http_request_linux_curl(monkeypatch):
+ monkeypatch.setattr(
+ "infection_monkey.post_breach.actions.communicate_as_new_user.shutil.which",
+ lambda _: "not None",
+ )
+ cmd_line = CommunicateAsNewUser.get_commandline_for_http_request(URL, is_windows=False)
+ assert "curl" in cmd_line
+ assert URL in cmd_line
+
+
+def test_get_commandline_for_http_request_linux_wget(monkeypatch):
+ monkeypatch.setattr(
+ "infection_monkey.post_breach.actions.communicate_as_new_user.shutil.which", lambda _: None
+ )
+ cmd_line = CommunicateAsNewUser.get_commandline_for_http_request(URL, is_windows=False)
+ assert "wget" in cmd_line
+ assert URL in cmd_line
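Review bot: The new test module is named `test_communicate_as_backdoor_user.py`, although everything it imports and exercises lives in `communicate_as_new_user`; naming it `test_communicate_as_new_user.py` would keep it findable next to the module it covers. None of the four tests calls `run()`, so no assertion pins the behaviour this commit changes, namely that `create_auto_new_user` receives a generated password rather than a constant. A test that monkeypatches `create_auto_new_user` and `get_random_password` in the module under test and checks the value passed through would close that gap.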